Because sharing
is caring.
Min
Min
Min
By polict
16/02/2021
Hunting for bugs in Telegram’s animated stickers remote attack surface
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
Min
By zi0black
02/11/2020
Re-discovering a JWT Authentication Bypass in ServiceStack
ServiceStack in version 5.9.2 almost silently patched a vulnerability which allowed to bypass JWT signature.
Min
Min
By smaury
27/04/2020
Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.
Min
By thezero
20/04/2020
NotSoSmartConfig: broadcasting WiFi credentials Over-The-Air
Security analysis of the SmartConfig procol by Espressif and publishing of the NotSoSmartConfig tool, able to retrieve WiFi credentials from a PCAP.
Min
Min
Min